How my grandmother knew portals were bad. Your grandmother may have known more about computer security than you might think; I know mine did …
Our grandmothers were wont to hand out lots of sage advice (whether we wanted it or not) and we mostly ignored it (at least I did), but looking back I now realize what a true genius she was.
When I was a kid and stayed at my grandparents’ house I used to walk down to the local market with grandma to get groceries. She would always hand me one dozen eggs to put in my basket and then she’d put another dozen in hers. “We don’t put all of our eggs in one basket, you know” she used to say.
I followed her instructions not realizing until much later she was actually giving me great computer security advice. What grandma was articulating was a fundamental principle in computer communications architectures, the need to avoid a single point of failure, which is why portals are bad. Her rationale was that if something were to go wrong with my basket carrying skills, such as falling over my own feet (something that was not unheard of in my youth), then should my eggs get broken we’d still have the eggs in her basket.
Why Portals are bad
Now, there are a number of companies in the email security market that want you to put all of your secure email eggs in their service basket. These businesses use portals architectures in which you upload your messages and attached content to be “secured” and which then provides the recipients access via the portal. This is all well and good until the centralized portal becomes compromised, develops a technical fault, or is put out of service by something like a denial of service (DoS) attack. Once any of those happens, then you, the client are out of business if they are using portals as far as secured email service goes until the problem is corrected.
Recently the email encryption service ProtonMail was hit by a DoS attack that took their email services down for almost a week! Because they use a portal system and therefore a single point of failure, naturally, this attack was a disaster for them and their clients. And ProtonMail is not the only secure email service provider that uses a portal architecture; they are, however, the first but not the last, to be seriously impacted by a major hacker attack.
docNCRYPT
At Azstec we don’t use a portals in our architecture to secure your email and documents so if we were to be hit by a hacker attack or our servers were to have any kind of connectivity problem it would have no impact on your ability to send and receive encrypted email. We believe that simplicity is the best approach to security and that portal architectures just add another unnecessary dimension of vulnerability to email security and service.
Try our free 30-day trial of the docNCRYPT Outlook Plugin to see how simple it is to protect your email and confidential documents and see how smart my grandmother really was.
David Griffith is CEO of Azstec LLC, the creators of docNCRYPT. If you have any comments or questions, email David at dgriffith[at]azstec.com and follow the Azstec Blog.
Photo Credits:
Be the first to comment on "Why portals are bad to secure your email"